Was this report the basis for TJX's level of security spending?
http://www.bespacific.com/mt/archives/016939.html
December 26, 2007
2007 Annual Study: U.S. Cost of a Data Breach
Ponemon 2007 Annual Study: U.S. Cost of a Data Breach - Understanding Financial Impact, Customer Turnover, and Preventitive Solutions: This study "was derived from a detailed analysis of 35 data breach incidents. According to the study, the cost per compromised customer record increased in 2007, compared to 2006. Lost business opportunity, including losses associated with customer churn and acquisition, represented the most significant component of the cost increase. Companies analyzed were from 16 different industries, including communications, consumer goods, education, entertainment, financial services, gaming, health care, hospitality, internet, manufacturing, marketing, media, retail, services, technology, and transportation."
One positive outcome of the TJX data spill?
http://www.pogowasright.org/article.php?story=20071227063830294
OR: Law requires businesses to protect personal data
Thursday, December 27 2007 @ 06:38 AM EST Contributed by: PrivacyNews News Section: State/Local Govt.
... Identity theft is rampant in the U.S. The Federal Trade Commission ranks Oregon as the 13th-worst state per capita for this crime. Therefore, it's good business to protect personal information. And in a few days -- Jan. 1 -- it will be law.
The Oregon Identity Theft Protection Act (SB 583) will require businesses, organizations and government agencies to have a plan in place to protect the personal data they collect, keep and share. Personal data is defined as a person's name in combination with either a Social Security number, Oregon driver's license or identification card number, passport number or other U.S.-issued identification number or financial account number, credit or debit card number along with any required access code or password that provide access to a financial account.
All plans are not made equal --they will vary depending on the nature and size of the business. The key is taking reasonable measures to ensure the confidentiality of your customer and employee information. For example, encrypt, or make unreadable, computerized files -- especially files on laptops; designate one or more employees to coordinate a security program; and know what sensitive information you have.
Source - StatesmanJournal.com
...and a negative outcome? This is simpler than it sounds. Just give the government all the data you want kept secret, and they will match it against online data (and send the take-down notices) for you! Aren't they nice guys?
http://techdirt.com/articles/20071226/145810.shtml
Can Legislation Let People Opt-Out Of Having Their Info Show Up Online?
from the seems-like-a-long-shot dept
The "Do Not Call" list has been something of a success over the past five years, but the various attempts at similar "do not X" lists always seem a bit ridiculous. The latest, coming from the state of Connecticut, would institute an impossible to enforce and most likely unconstitutional universal opt-out list for your info online. The idea is that there are so many directory sites/people search engines/list sites online, many of which have your name, address and potentially other information such as where you work. The law proposed by Connecticut's governor would allow you to "opt-out" and require all of these sites to take your info offline. Of course, as the article notes, much of that info is already public info and there's nothing illegal about compiling a list of public information. Where would the line be drawn? If your info shows up in a Google search, is Google suddenly liable? It's also unclear how you could possibly enforce a requirement that someone's name and address never get posted online. If anything, it sounds like more grandstanding legislation designed to make a politician look good rather than deal with the very real issues at hand concerning privacy.
In order to manage this (or any) risk, first you must formulate a strategy. “Don't worry about it.” isn't the one I would recommend.
http://www.pogowasright.org/article.php?story=20071226145640425
UK: Primary school data 'at risk'
Wednesday, December 26 2007 @ 02:56 PM EST Contributed by: PrivacyNews News Section: Non-U.S. News
Personal details of some two million primary schoolchildren in England is being put at risk by staff taking home unprotected data, it has been claimed.
A survey of almost 1,000 primary schools found that almost half, 49%, were backing up pupil data onto discs, memory sticks or tapes which were taken off the school premises, exposing the material to loss or theft.
IT experts, RM School Management Solutions (RM SMS), which carried out the survey, said that just 1% or respondents encrypted the data.
Source - ThisIsGrimsby.co.uk
Not uncommon for data to exist in one system, but be unavailable to another. You have to PLAN to use your data to advantage...
SF meter maids ticket stolen car 29 times
A San Francisco woman reported her Honda Civic stolen to the San Francisco police. A few weeks later, she got a parking citation in the mail for her stolen car. Then she got another. And another. In total, her car got ticketed 29 times while being listed as stolen. She called the police and the city's Department of Parking and Traffic, but didn't get any solid answers about the whereabouts of her car, nor why it was being ticketed after being reported stolen. Eventually, she and a friend decided to drive around locations where the car had been ticketed to try to find it.
After driving for three hours, they located the car and waited for an hour before the police showed up. San Francisco's finest were not interested in catching the thieves and didn't search the car before releasing it.
Hey, we don't lecture so you can quote us!
http://techdirt.com/articles/20071226/014929.shtml
Professor Uses Copyright Threats After Joke Commercial Uses Some Of His Lecture
from the copyright-insanity dept
So many stories of copyright being abused, so little time... The latest, as sent in by Jon and a few others involves an MIT professor who got upset when he found out that a commercial for a Ricoh copier happened to use a tiny bit of text (2 sentences) from one of his published lectures to set up a joke. You can see the commercial here:
You can see the full lecture, but the quotes in the commercial come from the sixth paragraph. The professor then sent a legalistic letter to the folks who made the commercial, who have agreed to "settle" by donating $5,000 to two science related charities. Once again, though, we're seeing a misuse of copyright law in action -- even if the end result is positive (some extra cash for some science charities). It would seem like a clear case of fair use here, where the use of these lines in the commercial were unlikely to damage the commercial potential of the professor's work. It's yet another case where someone is using copyright to try to control all aspects of his work, when that's not its purpose at all.
Interesting. I wonder what other areas are hot?
http://techdirt.com/articles/20071226/020326.shtml
The Journalism Business Is Dying? Someone Forgot To Tell Sports Reporters...
from the time-to-go-into-sports-reporting dept
For all the whining from professional journalists about how the internet is killing newspapers and putting journalists out of work, apparently someone forgot to explain that some of the companies hiring journalists these days. The NY Times has an article noting how ESPN, Yahoo and Sports Illustrated have been slugging it out trying to hire sports reporters from various newspapers, sometimes at three times their existing salaries. Newspapers are complaining that they just can't keep their sports reporters -- which is a fairly amazing statement, because being a sports reporter is a dream job for many people. So, perhaps rather than freaking out about how the internet is "destroying" their business, journalists might want to start looking around at the new opportunities the internet is creating for journalists where they can keep doing what they do best, and actually earn a lot more money.
Your tax dollars at work? Another high-priority target for hackers? (The comments are interesting...)
http://slashdot.org/article.pl?sid=07/12/27/0437230&from=rss
FBI to Put Criminals Up in Lights
Posted by samzenpus on Thursday December 27, @07:52AM from the billboard-busted dept. United States Technology
coondoggie writes "The FBI today said it wants to install 150 digital billboards in 20 major U.S. cities in the next few weeks to show fugitive mug shots, missing people and high-priority security messages from the big bureau. The billboards will let the FBI highlight those people it is looking for the most: violent criminals, kidnap victims, missing kids, bank robbers, even terrorists, the FBI said in a release. And the billboards will be able to be updated largely in real-time — right after a crime is committed, a child is taken, or an attack is launched. Chicago, Las Vegas, Los Angeles and Miami will be among those cities provided with the new billboards."
No comments:
Post a Comment